public void Constructors()
{
Console.WriteLine("Entering: JwtSecurityToken_Constructor");
RunConstructionTest(
new JwtSecurityTokenTestVariation
{
Name = "ClaimsSet with all Reserved claim types, ensures that users can add as they see fit",
Claims = ClaimSets.AllReserved,
ExpectedException = ExpectedException.NoExceptionExpected,
});
RunConstructionTest(
new JwtSecurityTokenTestVariation
{
Name = "All null params",
Issuer = null,
Audience = null,
Claims = null,
SigningCredentials = null,
ExpectedException = ExpectedException.NoExceptionExpected,
});
RunConstructionTest(
new JwtSecurityTokenTestVariation
{
Name = "NotBefore > Expires, .Net datetime",
NotBefore = DateTime.UtcNow + TimeSpan.FromHours(1),
Expires = DateTime.UtcNow,
ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX12401"),
});
RunConstructionTest(
new JwtSecurityTokenTestVariation
{
Name = "NotBefore > Expires, UnixEpoch - 1 ms",
NotBefore = DateTime.UtcNow,
Expires = EpochTime.UnixEpoch - TimeSpan.FromMilliseconds(1),
ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX12401"),
});
RunConstructionTest(
new JwtSecurityTokenTestVariation
{
Name = "NotBefore > Expires, UnixEpoch - 1 s",
NotBefore = DateTime.UtcNow,
Expires = EpochTime.UnixEpoch - TimeSpan.FromSeconds(1),
ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX12401"),
});
RunConstructionTest(
new JwtSecurityTokenTestVariation
{
Name = "NotBefore == DateItime.MinValue",
NotBefore = DateTime.MinValue,
Expires = DateTime.UtcNow,
});
}
public void GetHeaderValues()
{
var context = new CompareContext();
TestUtilities.WriteHeader($"{this}.GetHeaderValues");
var token = new JsonWebToken(jObject, "{}");
var intarray = token.GetHeaderValue <int[]>("intarray");
IdentityComparer.AreEqual(new int[] { 1, 2, 3 }, intarray, context);
var array = token.GetHeaderValue <object[]>("array");
IdentityComparer.AreEqual(new object[] { 1L, "2", 3L }, array, context);
var name = token.GetHeaderValue <string>("string");
IdentityComparer.AreEqual("bob", name, context);
var floatingPoint = token.GetHeaderValue <float>("float");
IdentityComparer.AreEqual(42.0, floatingPoint, context);
var integer = token.GetHeaderValue <int>("integer");
IdentityComparer.AreEqual(42, integer, context);
var nill = token.GetHeaderValue <object> ("nill");
IdentityComparer.AreEqual(nill, null, context);
var boolean = token.GetHeaderValue <bool>("bool");
IdentityComparer.AreEqual(boolean, true, context);
try // Try to retrieve a value that doesn't exist in the header.
{
token.GetHeaderValue <int>("doesnotexist");
}
catch (Exception ex)
{
ExpectedException.ArgumentException("IDX14303:").ProcessException(ex, context);
}
try // Try to retrieve an integer when the value is actually a string.
{
token.GetHeaderValue <int>("string");
}
catch (Exception ex)
{
ExpectedException.ArgumentException("IDX14305:", typeof(System.FormatException)).ProcessException(ex, context);
}
TestUtilities.AssertFailIfErrors(context);
}
public static TheoryData <JwtTheoryData> InvalidEncodedSegmentsData(string errorString, TheoryData <JwtTheoryData> theoryData)
{
theoryData.Add(new JwtTheoryData
{
CanRead = true,
TestId = nameof(EncodedJwts.InvalidPayload),
Token = EncodedJwts.InvalidPayload,
ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX12723:", inner: typeof(JsonReaderException))
});
return(theoryData);
}
public static TheoryData <string, string, ExpectedException> InvalidEncodedSegmentsData(string errorString)
{
var dataSet = new TheoryData <string, string, ExpectedException>();
dataSet.Add(
"Test1",
EncodedJwts.InvalidPayload,
ExpectedException.ArgumentException(substringExpected: "IDX10723:", inner: typeof(FormatException))
);
return(dataSet);
}
public void Constructors()
{
OpenIdConnectMessage openIdConnectMessage = new OpenIdConnectMessage();
Assert.Equal(openIdConnectMessage.IssuerAddress, string.Empty);
openIdConnectMessage = new OpenIdConnectMessage()
{
IssuerAddress = "http://www.got.jwt.com"
};
Assert.Equal(openIdConnectMessage.IssuerAddress, "http://www.got.jwt.com");
ExpectedException expectedException = ExpectedException.NoExceptionExpected;
string json = @"{""response_mode"":""responseMode"", ""response_type"":""responseType"", ""refresh_token"":""refreshToken""}";
string badJson = @"{""response_mode"":""responseMode"";""respone_mode"":""badResponeMode""}";
// null stirng json
expectedException = ExpectedException.ArgumentNullException();
TestJsonStringConstructor((string)null, expectedException);
// bad string json
expectedException = ExpectedException.ArgumentException("IDX10106");
TestJsonStringConstructor(badJson, expectedException);
// no exception, well-formed json
expectedException = ExpectedException.NoExceptionExpected;
openIdConnectMessage = TestJsonStringConstructor(json, expectedException);
Assert.True(openIdConnectMessage.RefreshToken.Equals("refreshToken"), "openIdConnectMessage.RefreshToken does not match expected value: refreshToken");
Assert.True(openIdConnectMessage.ResponseMode.Equals("responseMode"), "openIdConnectMessage.ResponseMode does not match expected value: refreshToken");
Assert.True(openIdConnectMessage.ResponseType.Equals("responseType"), "openIdConnectMessage.ResponseType does not match expected value: refreshToken");
Assert.True(openIdConnectMessage.ClientId == null, "openIdConnectMessage.ClientId is not null");
// no exception, using JObject ctor
expectedException = ExpectedException.NoExceptionExpected;
try
{
openIdConnectMessage = new OpenIdConnectMessage(JObject.Parse(json));
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
Assert.True(openIdConnectMessage.RefreshToken.Equals("refreshToken"), "openIdConnectMessage.RefreshToken does not match expected value: refreshToken");
Assert.True(openIdConnectMessage.ResponseMode.Equals("responseMode"), "openIdConnectMessage.ResponseMode does not match expected value: refreshToken");
Assert.True(openIdConnectMessage.ResponseType.Equals("responseType"), "openIdConnectMessage.ResponseType does not match expected value: refreshToken");
Assert.True(openIdConnectMessage.ClientId == null, "openIdConnectMessage.ClientId is not null");
// test with an empty JObject
openIdConnectMessage = new OpenIdConnectMessage(new JObject());
}
public static TheoryData <OpenIdConnectMessageTheoryData> ConstructorsTheoryData()
{
return(new TheoryData <OpenIdConnectMessageTheoryData>
{
new OpenIdConnectMessageTheoryData
{
First = true,
ExpectedException = ExpectedException.ArgumentNullException("IDX10000:"),
Json = "",
TestId = "empty string"
},
new OpenIdConnectMessageTheoryData
{
ExpectedException = ExpectedException.ArgumentNullException("IDX10000:"),
TestId = "null string"
},
new OpenIdConnectMessageTheoryData
{
ExpectedException = ExpectedException.ArgumentNullException("IDX10000:"),
Json = @"{""response_mode"":""responseMode"", ""response_type"":""responseType"", ""refresh_token"":""refreshToken""}",
TestId = "null jobject"
},
new OpenIdConnectMessageTheoryData
{
ExpectedException = ExpectedException.ArgumentException("IDX21106"),
Json = @"{""response_mode"":""responseMode"";""respone_mode"":""duplicateResponeMode""}",
TestId = "ResponseMode duplicated"
},
new OpenIdConnectMessageTheoryData
{
JObject = new JObject(),
Json = "{}",
Message = new OpenIdConnectMessage(),
TestId = "empty json string, empty jobj"
},
new OpenIdConnectMessageTheoryData
{
JObject = JObject.Parse(@"{""response_mode"":""responseMode"", ""response_type"":""responseType"", ""refresh_token"":""refreshToken""}"),
Json = @"{""response_mode"":""responseMode"", ""response_type"":""responseType"", ""refresh_token"":""refreshToken""}",
Message = new OpenIdConnectMessage
{
RefreshToken = "refreshToken",
ResponseMode = "responseMode",
ResponseType = "responseType"
},
TestId = "ValidJson"
}
});
}
public static TheoryData <JwtTheoryData> InvalidNumberOfSegmentsData(string errorString, TheoryData <JwtTheoryData> theoryData)
{
theoryData.Add(new JwtTheoryData
{
CanRead = false,
ExpectedException = ExpectedException.ArgumentNullException(),
TestId = "null"
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
ExpectedException = ExpectedException.ArgumentNullException(),
TestId = "emptystring",
Token = ""
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
ExpectedException = ExpectedException.ArgumentException(errorString),
TestId = "a",
Token = "a"
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
ExpectedException = ExpectedException.ArgumentException(errorString),
TestId = "a.b",
Token = "a.b"
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
ExpectedException = ExpectedException.ArgumentException(errorString),
TestId = "a.b.c.d",
Token = "a.b.c.d"
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
ExpectedException = ExpectedException.ArgumentException(errorString),
TestId = "a.b.c.d.e.f",
Token = "a.b.c.d.e.f"
});
return(theoryData);
}
public static TheoryData <string, string, ExpectedException> InvalidNumberOfSegmentsData(string errorString)
{
var dataSet = new TheoryData <string, string, ExpectedException>();
dataSet.Add(
"Test1",
null,
ExpectedException.ArgumentNullException()
);
dataSet.Add(
"Test2",
"",
ExpectedException.ArgumentNullException()
);
dataSet.Add(
"Test3",
"a",
ExpectedException.ArgumentException(errorString)
);
dataSet.Add(
"Test4",
"a.b",
ExpectedException.ArgumentException(errorString)
);
dataSet.Add(
"Test5",
"a.b.c.d",
ExpectedException.ArgumentException(errorString)
);
dataSet.Add(
"Test6",
"a.b.c.d.e.f",
ExpectedException.ArgumentException(errorString)
);
return(dataSet);
}
public void GetClaim()
{
var context = new CompareContext();
var jsonWebToken = new JsonWebToken("{}", jObject.ToString());
foreach (var claim in payloadClaims)
{
var claimToCompare = jsonWebToken.GetClaim(claim.Type);
IdentityComparer.AreEqual(claim, claimToCompare, context);
}
try // Try to retrieve a value that doesn't exist in the payload.
{
jsonWebToken.GetClaim("doesnotexist");
}
catch (Exception ex)
{
ExpectedException.ArgumentException("IDX14304:").ProcessException(ex, context);
}
TestUtilities.AssertFailIfErrors(context);
}
public void EncodedStringConstruction()
{
Console.WriteLine("Entering: JwtSecurityToken_EncodedStringConstruction");
string[] tokenParts = EncodedJwts.Asymmetric_LocalSts.Split('.');
RunEncodedTest(new JwtSecurityTokenTestVariation
{
Name = "EncodedString: OverClaims",
EncodedString = EncodedJwts.OverClaims,
ExpectedException = ExpectedException.NoExceptionExpected,
});
RunEncodedTest(new JwtSecurityTokenTestVariation
{
Name = "EncodedString: InvalidPayloadFormat",
EncodedString = EncodedJwts.InvalidPayload,
ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX10703:", inner: typeof(FormatException)),
});
RunEncodedTest(new JwtSecurityTokenTestVariation
{
Name = "EncodedString: null",
EncodedString = null,
ExpectedException = ExpectedException.ArgumentNullException(),
});
RunEncodedTest(new JwtSecurityTokenTestVariation
{
Name = "EncodedString: string.Empty",
EncodedString = string.Empty,
ExpectedException = ExpectedException.ArgumentNullException(),
});
RunEncodedTest(new JwtSecurityTokenTestVariation
{
Name = "EncodedString: single character: '1'",
EncodedString = "1",
ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX10709:"),
});
RunEncodedTest(new JwtSecurityTokenTestVariation
{
Name = "EncodedString: two parts each a single character: '1.2'",
EncodedString = "1.2",
ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX10709:"),
});
RunEncodedTest(new JwtSecurityTokenTestVariation
{
Name = "EncodedString: header is not encoded properly: '123'",
EncodedString = string.Format("{0}.{1}.{2}", "123", tokenParts[1], tokenParts[2]),
ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX10703:", inner: typeof(Newtonsoft.Json.JsonReaderException)),
});
RunEncodedTest(new JwtSecurityTokenTestVariation
{
Name = "EncodedString: header is not encoded properly: '123=='",
EncodedString = string.Format("{0}.{1}.{2}", "123==", tokenParts[1], tokenParts[2]),
ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX10709"),
});
RunEncodedTest(new JwtSecurityTokenTestVariation
{
Name = "EncodedString: payload is not encoded correctly: '123'",
EncodedString = string.Format("{1}.{0}.{2}", "123", tokenParts[0], tokenParts[2]),
ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX10703:", inner: typeof(Newtonsoft.Json.JsonReaderException)),
});
RunEncodedTest(new JwtSecurityTokenTestVariation
{
Name = "EncodedString: payload is not encoded properly: '123=='",
EncodedString = string.Format("{1}.{0}.{2}", "123==", tokenParts[0], tokenParts[2]),
ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX10709:"),
});
RunEncodedTest(new JwtSecurityTokenTestVariation
{
Name = "EncodedString: valid encoding, NO signature (JWT_AsymmetricSigned_AcsV2)",
EncodedString = string.Format("{0}.{1}.", tokenParts[0], tokenParts[1]),
ExpectedException = ExpectedException.NoExceptionExpected,
});
RunEncodedTest(new JwtSecurityTokenTestVariation
{
Name = "EncodedString: invalid encoding, 4 parts",
EncodedString = string.Format("{0}.{1}.{2}.{3}", tokenParts[0], tokenParts[1], tokenParts[2], tokenParts[2]),
ExpectedException = ExpectedException.ArgumentException(substringExpected: "IDX10709:"),
});
}
public async Task FromNetwork()
{
OpenIdConnectConfiguration configuration = await GetConfigurationFromHttpAsync(OpenIdConfigData.AADCommonUrl, expectedException : ExpectedException.NoExceptionExpected);
Assert.NotNull(configuration);
await GetConfigurationFromHttpAsync(string.Empty, expectedException : ExpectedException.ArgumentNullException());
await GetConfigurationFromHttpAsync(OpenIdConfigData.BadUri, expectedException : ExpectedException.ArgumentException("IDX20108:"));
await GetConfigurationFromHttpAsync(OpenIdConfigData.HttpsBadUri, expectedException : ExpectedException.IOException(inner: typeof(HttpRequestException)));
}
public void Constructors()
{
var context = new CompareContext {
Title = "OpenIdConnectConfigurationTests.Constructors"
};
RunOpenIdConnectConfigurationTest((string)null, new OpenIdConnectConfiguration(), ExpectedException.ArgumentNullException(), context);
RunOpenIdConnectConfigurationTest(OpenIdConfigData.JsonAllValues, OpenIdConfigData.FullyPopulated, ExpectedException.NoExceptionExpected, context);
RunOpenIdConnectConfigurationTest(OpenIdConfigData.OpenIdConnectMetatadataBadJson, null, ExpectedException.ArgumentException(substringExpected: "IDX21815:", inner: typeof(JsonReaderException)), context);
TestUtilities.AssertFailIfErrors(context);
}
public void GetPayloadValues()
{
var context = new CompareContext();
TestUtilities.WriteHeader($"{this}.GetPayloadValues");
var token = new JsonWebToken("{}", jObject);
var intarray = token.GetPayloadValue <int[]>("intarray");
IdentityComparer.AreEqual(new int[] { 1, 2, 3 }, intarray, context);
var array = token.GetPayloadValue <object[]>("array");
IdentityComparer.AreEqual(new object[] { 1L, "2", 3L }, array, context);
// only possible internally within the library since we're using Microsoft.IdentityModel.Json.Linq.JObject
var jobject = token.GetPayloadValue <JObject>("jobject");
IdentityComparer.AreEqual(JObject.Parse(@"{ ""string1"":""string1value"", ""string2"":""string2value"" }"), jobject, context);
var name = token.GetPayloadValue <string>("string");
IdentityComparer.AreEqual("bob", name, context);
var floatingPoint = token.GetPayloadValue <float>("float");
IdentityComparer.AreEqual(42.0, floatingPoint, context);
var integer = token.GetPayloadValue <int>("integer");
IdentityComparer.AreEqual(42, integer, context);
var nill = token.GetPayloadValue <object>("nill");
IdentityComparer.AreEqual(nill, null, context);
var boolean = token.GetPayloadValue <bool>("bool");
IdentityComparer.AreEqual(boolean, true, context);
var dateTimeValue = token.GetPayloadValue <string>("dateTime");
IdentityComparer.AreEqual(dateTimeValue, dateTime.ToString(), context);
var dateTimeIso8061Value = token.GetPayloadValue <DateTime>("dateTimeIso8061");
IdentityComparer.AreEqual(dateTimeIso8061Value, dateTime, context);
try // Try to retrieve a value that doesn't exist in the header.
{
token.GetPayloadValue <int>("doesnotexist");
}
catch (Exception ex)
{
ExpectedException.ArgumentException("IDX14304:").ProcessException(ex, context);
}
try // Try to retrieve an integer when the value is actually a string.
{
token.GetPayloadValue <int>("string");
}
catch (Exception ex)
{
ExpectedException.ArgumentException("IDX14305:", typeof(System.FormatException)).ProcessException(ex, context);
}
TestUtilities.AssertFailIfErrors(context);
}
public static TheoryData <JwtTheoryData> InvalidRegExSegmentsData(string errorString, TheoryData <JwtTheoryData> theoryData)
{
var validRegEx = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9";
var invalidRegEx = "eyJpc3MiOiJodHRwOi8vR290Snd0LmNvbSIsImF1Z CI6Imh0";
theoryData.Add(new JwtTheoryData
{
CanRead = false,
TestId = "'invalidRegEx: first position'",
Token = invalidRegEx + "." + validRegEx + "." + validRegEx + "." + validRegEx + "." + validRegEx,
ExpectedException = ExpectedException.ArgumentException(errorString)
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
TestId = "'invalidRegEx: second position'",
Token = validRegEx + "." + invalidRegEx + "." + validRegEx + "." + validRegEx + "." + validRegEx,
ExpectedException = ExpectedException.ArgumentException(errorString)
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
TestId = "'invalidRegEx: third position'",
Token = validRegEx + "." + validRegEx + "." + invalidRegEx + "." + validRegEx + "." + validRegEx,
ExpectedException = ExpectedException.ArgumentException(errorString)
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
TestId = "'invalidRegEx: fourth position'",
Token = validRegEx + "." + validRegEx + "." + validRegEx + "." + invalidRegEx + "." + validRegEx,
ExpectedException = ExpectedException.ArgumentException(errorString)
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
TestId = "'invalidRegEx: fifth position'",
Token = validRegEx + "." + validRegEx + "." + validRegEx + "." + validRegEx + "." + invalidRegEx,
ExpectedException = ExpectedException.ArgumentException(errorString)
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
TestId = "'invalidRegEx: first position (dir)'",
Token = invalidRegEx + ".." + validRegEx + "." + validRegEx + "." + validRegEx,
ExpectedException = ExpectedException.ArgumentException(errorString)
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
TestId = "'invalidRegEx: third position (dir)'",
Token = validRegEx + ".." + invalidRegEx + "." + validRegEx + "." + validRegEx,
ExpectedException = ExpectedException.ArgumentException(errorString)
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
TestId = "'invalidRegEx: fourth position (dir)'",
Token = invalidRegEx + ".." + validRegEx + "." + invalidRegEx + "." + validRegEx,
ExpectedException = ExpectedException.ArgumentException(errorString)
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
TestId = "'invalidRegEx: fifth position (dir)'",
Token = invalidRegEx + ".." + validRegEx + "." + validRegEx + "." + invalidRegEx,
ExpectedException = ExpectedException.ArgumentException(errorString)
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
TestId = "'invalidRegEx: first position (dir, Cipher text missing)'",
Token = invalidRegEx + "." + validRegEx + "." + validRegEx,
ExpectedException = ExpectedException.ArgumentException(errorString)
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
TestId = "'invalidRegEx: third position (dir, Cipher text missing)'",
Token = validRegEx + "." + invalidRegEx + "." + validRegEx,
ExpectedException = ExpectedException.ArgumentException(errorString)
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
TestId = "'invalidRegEx: third position (four parts)'",
Token = validRegEx + "." + invalidRegEx + ".",
ExpectedException = ExpectedException.ArgumentException(errorString)
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
TestId = "'invalidRegEx: fifth position (dir, Cipher text missing)'",
Token = validRegEx + "." + validRegEx + "." + invalidRegEx,
ExpectedException = ExpectedException.ArgumentException(errorString)
});
theoryData.Add(new JwtTheoryData
{
CanRead = false,
TestId = "'Encoding == SignedEncodedJwts.Asymmetric_LocalSts'",
Token = "SignedEncodedJwts.Asymmetric_LocalSts",
ExpectedException = ExpectedException.ArgumentException(errorString)
});
return(theoryData);
}
public void ValidateToken()
{
// parameter validation
Saml2SecurityTokenHandler tokenHandler = new Saml2SecurityTokenHandler();
TestUtilities.ValidateToken(securityToken: null, validationParameters: new TokenValidationParameters(), tokenValidator: tokenHandler, expectedException: ExpectedException.ArgumentNullException(substringExpected: "name: securityToken"));
TestUtilities.ValidateToken(securityToken: "s", validationParameters: null, tokenValidator: tokenHandler, expectedException: ExpectedException.ArgumentNullException(substringExpected: "name: validationParameters"));
tokenHandler.MaximumTokenSizeInBytes = 1;
TestUtilities.ValidateToken(securityToken: "ss", validationParameters: new TokenValidationParameters(), tokenValidator: tokenHandler, expectedException: ExpectedException.ArgumentException(substringExpected: "IDX10209"));
tokenHandler.MaximumTokenSizeInBytes = TokenValidationParameters.DefaultMaximumTokenSizeInBytes;
string samlToken = IdentityUtilities.CreateSaml2Token();
TestUtilities.ValidateToken(samlToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, tokenHandler, ExpectedException.NoExceptionExpected);
// EncryptedAssertion
SecurityTokenDescriptor tokenDescriptor =
new SecurityTokenDescriptor
{
AppliesToAddress = IdentityUtilities.DefaultAudience,
EncryptingCredentials = new EncryptedKeyEncryptingCredentials(KeyingMaterial.DefaultAsymmetricCert_2048),
Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromHours(1)),
SigningCredentials = KeyingMaterial.DefaultAsymmetricSigningCreds_2048_RsaSha2_Sha2,
Subject = IdentityUtilities.DefaultClaimsIdentity,
TokenIssuerName = IdentityUtilities.DefaultIssuer,
};
samlToken = IdentityUtilities.CreateSaml2Token(tokenDescriptor);
TestUtilities.ValidateToken(samlToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, tokenHandler, new ExpectedException(typeExpected: typeof(EncryptedTokenDecryptionFailedException), substringExpected: "ID4022"));
TokenValidationParameters validationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters;
validationParameters.TokenDecryptionKeys = new List <SecurityKey> {
KeyingMaterial.DefaultX509Key_2048
}.AsReadOnly();
TestUtilities.ValidateToken(samlToken, validationParameters, tokenHandler, ExpectedException.NoExceptionExpected);
TestUtilities.ValidateTokenReplay(samlToken, tokenHandler, validationParameters);
TestUtilities.ValidateToken(samlToken, validationParameters, tokenHandler, ExpectedException.NoExceptionExpected);
validationParameters.LifetimeValidator =
(nb, exp, st, tvp) =>
{
return(false);
};
TestUtilities.ValidateToken(samlToken, validationParameters, tokenHandler, new ExpectedException(typeExpected: typeof(SecurityTokenInvalidLifetimeException), substringExpected: "IDX10230:"));
validationParameters.ValidateLifetime = false;
validationParameters.LifetimeValidator = IdentityUtilities.LifetimeValidatorThrows;
TestUtilities.ValidateToken(securityToken: samlToken, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: ExpectedException.NoExceptionExpected);
}
public static TheoryData <string, string, ExpectedException> InvalidRegExSegmentsData(string errorString)
{
var validRegEx = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9";
var invalidRegEx = "eyJpc3MiOiJodHRwOi8vR290Snd0LmNvbSIsImF1Z CI6Imh0";
var dataSet = new TheoryData <string, string, ExpectedException>();
dataSet.Add(
"Test1",
invalidRegEx + "." + validRegEx + "." + validRegEx + "." + validRegEx + "." + validRegEx,
ExpectedException.ArgumentException(errorString)
);
dataSet.Add(
"Test2",
validRegEx + "." + invalidRegEx + "." + validRegEx + "." + validRegEx + "." + validRegEx,
ExpectedException.ArgumentException(errorString)
);
dataSet.Add(
"Test3",
validRegEx + "." + validRegEx + "." + invalidRegEx + "." + validRegEx + "." + validRegEx,
ExpectedException.ArgumentException(errorString)
);
dataSet.Add(
"Test4",
validRegEx + "." + validRegEx + "." + validRegEx + "." + invalidRegEx + "." + validRegEx,
ExpectedException.ArgumentException(errorString)
);
dataSet.Add(
"Test5",
validRegEx + "." + validRegEx + "." + validRegEx + "." + validRegEx + "." + invalidRegEx,
ExpectedException.ArgumentException(errorString)
);
dataSet.Add(
"Test6",
invalidRegEx + ".." + validRegEx + "." + validRegEx + "." + validRegEx,
ExpectedException.ArgumentException(errorString)
);
dataSet.Add(
"Test7",
validRegEx + ".." + invalidRegEx + "." + validRegEx + "." + validRegEx,
ExpectedException.ArgumentException(errorString)
);
dataSet.Add(
"Test8",
invalidRegEx + ".." + validRegEx + "." + invalidRegEx + "." + validRegEx,
ExpectedException.ArgumentException(errorString)
);
dataSet.Add(
"Test9",
invalidRegEx + ".." + validRegEx + "." + validRegEx + "." + invalidRegEx,
ExpectedException.ArgumentException(errorString)
);
dataSet.Add(
"Test10",
invalidRegEx + "." + validRegEx + "." + validRegEx,
ExpectedException.ArgumentException(errorString)
);
dataSet.Add(
"Test11",
validRegEx + "." + invalidRegEx + "." + validRegEx,
ExpectedException.ArgumentException(errorString)
);
dataSet.Add(
"Test12",
validRegEx + "." + invalidRegEx + ".",
ExpectedException.ArgumentException(errorString)
);
dataSet.Add(
"Test13",
validRegEx + "." + validRegEx + "." + invalidRegEx,
ExpectedException.ArgumentException(errorString)
);
dataSet.Add(
"Test14",
"SignedEncodedJwts.Asymmetric_LocalSts",
ExpectedException.ArgumentException(errorString)
);
return(dataSet);
}
public static TheoryData <string, JwtSecurityTokenTestVariation, JwtSecurityTokenTestVariation, string, ExpectedException> EmbeddedTokenConstructorData()
{
var dataSet = new TheoryData <string, JwtSecurityTokenTestVariation, JwtSecurityTokenTestVariation, string, ExpectedException>();
dataSet.Add("Embedded token all properties null",
// outer token
new JwtSecurityTokenTestVariation
{
RawHeader = null,
RawEncryptedKey = null,
RawInitializationVector = null,
RawCiphertext = null,
RawAuthenticationTag = null,
},
// inner token
new JwtSecurityTokenTestVariation
{
Issuer = null,
Audience = null,
Claims = null,
SigningCredentials = null,
},
String.Empty,
ExpectedException.ArgumentNullException()
);
JwtSecurityTokenTestVariation innerToken = new JwtSecurityTokenTestVariation
{
NotBefore = DateTime.MinValue,
Expires = DateTime.UtcNow,
};
JwtSecurityTokenTestVariation outerValidJweDirect = CreateVariationOnToken(EncodedJwts.ValidJweDirect);
dataSet.Add("ValidJweDirect- Construct by parts", outerValidJweDirect, innerToken, String.Empty, ExpectedException.NoExceptionExpected);
dataSet.Add("ValidJweDirect- Construct by string", outerValidJweDirect, null, EncodedJwts.ValidJweDirect, ExpectedException.NoExceptionExpected);
JwtSecurityTokenTestVariation outerValidJweDirect2 = CreateVariationOnToken(EncodedJwts.ValidJweDirect2);
dataSet.Add("ValidJweDirect2- Construct by parts", outerValidJweDirect2, innerToken, String.Empty, ExpectedException.NoExceptionExpected);
dataSet.Add("ValidJweDirect2- Construct by string", outerValidJweDirect2, null, EncodedJwts.ValidJweDirect2, ExpectedException.NoExceptionExpected);
JwtSecurityTokenTestVariation outerValidJwe = CreateVariationOnToken(EncodedJwts.ValidJwe);
dataSet.Add("ValidJwe- Construct by parts", outerValidJwe, innerToken, String.Empty, ExpectedException.NoExceptionExpected);
dataSet.Add("ValidJwe- Construct by string", outerValidJwe, null, EncodedJwts.ValidJwe, ExpectedException.NoExceptionExpected);
JwtSecurityTokenTestVariation outerValidJwe2 = CreateVariationOnToken(EncodedJwts.ValidJwe2);
dataSet.Add("ValidJwe2- Construct by parts", outerValidJwe2, innerToken, String.Empty, ExpectedException.NoExceptionExpected);
dataSet.Add("ValidJwe2- Construct by string", outerValidJwe2, null, EncodedJwts.ValidJwe2, ExpectedException.NoExceptionExpected);
// Hand in a valid variation. We should fail before the variation is used.
dataSet.Add("Invalid outer token 1- Construct by string", outerValidJweDirect, null, EncodedJwts.InvalidJwe, ExpectedException.ArgumentException(substringExpected: "IDX12709"));
dataSet.Add("Invalid outer token 2- Construct by string", outerValidJweDirect, null, EncodedJwts.InvalidJwe2, ExpectedException.ArgumentException(substringExpected: "IDX12709"));
dataSet.Add("Invalid outer token 3- Construct by string", outerValidJweDirect, null, EncodedJwts.InvalidJwe3, ExpectedException.ArgumentException(substringExpected: "IDX12709"));
dataSet.Add("Invalid outer token 4- Construct by string", outerValidJweDirect, null, EncodedJwts.InvalidJwe4, ExpectedException.ArgumentException(substringExpected: "IDX12709"));
dataSet.Add("Invalid outer token 5- Construct by string", outerValidJweDirect, null, EncodedJwts.InvalidJwe5, ExpectedException.ArgumentException(substringExpected: "IDX12709"));
dataSet.Add("Invalid outer token 6- Construct by string", outerValidJweDirect, null, EncodedJwts.InvalidJwe6, ExpectedException.ArgumentException(substringExpected: "IDX12709"));
return(dataSet);
}